The Manx TaxPayers’ Alliance takes a range of steps to allow you to contact us securely. No system is perfectly secure, but these tools and tips will help you to improve security.
Many people in our community may witness things that needs to be brought to public attention. Many people in government and the private sector might feel concerned that they or their colleagues may be required to do something unethical or illegal, and speaking up can lead to negative consequences for their livelihood or freedom.
Giving tips to outside organisations can be risky, and may violate previous legal agreements with your organization, such as a non-disclosure agreement or contract. But sometimes, it can also be an effective and courageous way to call attention to abuses. We are unable to provide legal advice on your personal situation.
This page describes basic steps for minimizing potential risk when sharing sensitive information with the Manx TaxPayers’ Alliance. We want to be clear that no piece of software, nor security recommendation will be 100% effective, and the decision to blow the whistle may invite scrutiny or retaliation. At the same time, it may be a choice that drives necessary institutional change. Before reaching out to us, think carefully about what you can do to minimize that risk, and stay as safe as possible.
Before moving ahead, is it worthwhile?
A good tip requires clear evidence to prove any such claims, and must be about an issue of public concern. Whether or not you have evidence, it might not be of public interest that a neighbour (even if they are a public official) parks their car badly. Allegations of corruption or dubious decision-making by public officials are usually newsworthy, but the Manx TaxPayers’ Alliance will not publish such claims without being able to authenticate evidence.
Are you the only person that knows something?
If you are literally the only person that knows a piece of information, it might be possible for investigators to subsequently deduce that you leaked the information through non-technical means. If many people have been informed of the information (such as by a widely circulated email or memo) then it would be difficult to track down the source of any leak that might occur. The person who leaked could be the person who sent the mass email – or it could be any recipient of that email!
Of course, if you are the only one at your organization who raises a specific grievance, and information about that grievance is later reported by the press, it may give your organization a strong hint about who shared the information. That risk is reduced if there is widespread awareness about the issue (for example, if it was shared to many people on a widely-distributed email thread).
Do not use communication channels that you do not trust
Keep all of your tipping activities outside the view of your organization. For essentially everyone, that means no calling from work, no emailing from a work email address, and staying off work devices or wireless networks for any leaking activities.
Untrusted communication networks might be vulnerable to various monitoring and management tools. Even if a connection is encrypted (such as when you visit this website) it might be possible for an organisation to monitor and record the fact that you visited this website, and the time that you did so. This is called metadata. If you make a phone call from a company phone, then even if the content of the phone call remains secret, the metadata (time, destination and length of the phone call) is likely to be recorded on phone bills and similar logs. Many well-resourced organizations will keep logs of employees’ activities on their devices and online activities.
If you work at a large organization and you’re reading this article on a workplace device or wi-fi network, your workplace might already have a log that you’ve accessed this page. Similarly, visiting a news organization’s tip page (e.g., https://www.nytimes.com/tips) may be logged by your workplace. This is why it’s so important to keep your leaking activities on devices and networks that your workplace doesn’t control.
There are many ways to minimise the risk of a tip being tied to you:
- In most cases, encryption will be sufficient. The best digital option is to use the Signal app on your phone for private messaging. Signal is a free and open source, secure messaging app for iPhones and Android devices. Signal gives you free end-to-end encrypted messages and phone calls. Signal only retains your phone number, your signup date, and when you were last active. If you want help getting started, read this beginner-friendly guide on using Signal. Our phone number on Signal is +447624323552.
- If you use Signal, then the Manx TaxPayers’ Alliance will know the phone number that the Signal account has been registered to, and any other identifying information you provide.
- If you require complete anonymity, you can send your materials through the postal mail. You can mail either electronic documents (e.g., on a memory stick) or physical documents through ordinary mail. Our postal address is listed on our contact page. Obviously, if you contact us anonymously, then we will have no way to question or seek clarification from you.
- If you want to contact the Manx TaxPayers’ Alliance in an anonymous way, but allow us to reply to you, you could create an anonymous email account. Creating a truly anonymous email account is difficult, but here is a reasonable tutorial from the Electronic Frontier Foundation on how to establish and maintain an anonymous email account.
The MTPA’s commitment to protecting sources
Anonymous sources are a vital part of public scrutiny. When we receive leaked information or documents, we need to verify their authenticity, corroborate the information they contain, and carefully assess the material before publishing.
This document is not endorsed by any other organisation. It was drafted based upon advice obtained from public sources online such as the The Electronic Frontier Foundation, The Guardian, The Washington Post, and the Freedom of the Press Foundation.